[LOW] The `spaceless` filter implicitly marks its output as safe

PKSA-sjvz-tbbr-vwth CVE-2026-46628 GHSA-4j38-f5cw-54h7

Affected package: twig/twig

Affected version: >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.26.0

Reported by:
GitHub, FriendsOfPHP/security-advisories